Method and Apparatus for Securing a Connection in a Communications Network
US-2015281958-A1 · Oct 1, 2015 · US
US9806883B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9806883-B2 |
| Application number | US-201414576458-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 19, 2014 |
| Priority date | Dec 23, 2013 |
| Publication date | Oct 31, 2017 |
| Grant date | Oct 31, 2017 |
Official abstract text for this publication.
The embodiments relate to a method and a digital circuit area for securely providing a key using a request unit and a provision unit. In this case, a key is derived from parameters, at least one of which is used for the key derivation in a non-predefinable manner by the request unit. In this case, the key derivation is carried out in a digital circuit area in which the request unit and the provision unit are implemented.
Opening claim text (preview).
The invention claimed is:
1. A method for securely providing a derived key using a request unit and a provision unit, the method comprising: requesting, by the request unit, the derived key from the provision unit, wherein the request unit and the provision unit are integrated in a system on a chip; transmitting a first parameter from the request unit to the provision unit, wherein the first parameter is predefined by the request unit; determining a secret key by the provision unit, wherein the request unit does not have access to the secret key; deriving a second parameter, by the provision unit, from a chip identification tag, a serial number, an identifier produced by a challenge-response inquiry of a physically unclonable function, memory contents, a random number, or a combination thereof; generating the derived key, by the provision unit, from the secret key, the first parameter, and the second parameter, wherein the derived key is generated by a key derivation function in a key derivation module within the provision unit, and wherein the second parameter is used for the key derivation function in a non-predefinable manner by the request unit; and providing the request unit with the derived key.
2. The method as claimed in claim 1, wherein the second parameter is used for the key derivation function in a manner that cannot be influenced by the request unit.
3. The method as claimed in claim 1, wherein the request unit comprises a main processor unit of the system on chip.
4. The method as claimed in claim 3, wherein the main processor unit is a soft main processor unit in a programmable logic gate array.
5. The method as claimed in claim 1, wherein the second parameter is derived from the chip identification tag, the serial number, or the identifier produced by the challenge-response inquiry of the physical unclonable function.
6. The method as claimed in claim 1, wherein the key derivation function comprises a hash function, a keyed hash function, or a cryptographic checksum calculation.
7. The method as claimed in claim 1, wherein the key derivation function is applied to the secret key and a concatenation of the first parameter with the second parameter, or the key derivation function is applied in a concatenated manner with a first application to the secret key and the second parameter and with a second application to a result of the first application and the first parameter.
8. The method as claimed in claim 1, wherein the derived key is derived from a third parameter that is updated and determined by the provision unit on a basis of an update parameter provided by the request unit.
9. The method as claimed in claim 8, wherein the update parameter is used in a restricted manner, wherein the manner is restricted by a period of time or a frequency of use of the update parameter.
10. The method as claimed in claim 1, wherein the second parameter is derived from the memory contents, wherein the memory contents comprise contents of a configuration memory or a program memory.
11. The method as claimed in claim 1, wherein the second parameter is derived from the random number.
12. A system on a chip comprising: a request unit; and a provision unit having a key derivation module, wherein the request unit is configured to: request a derived key from a provision unit; and transmit a first parameter to the provision unit, the first parameter predefined by the request unit; wherein the provision unit is configured to: determine a secret key, wherein access to the secret key by the request unit is able to be prevented; derive a second parameter from a chip identification tag, a serial number, an identifier produced by a challenge-response inquiry of a physically unclonable function, memory contents, a random number, or a combination thereof; generate the derived key from the secret key, the first parameter, and the second parameter, wherein the derived key is generated by a key derivation function in the key derivation module, wherein the second parameter is able to be used for the key derivation function in a non-predefinable manner by the request unit; and provide the request unit with the derived key.
13. The system on a chip as claimed in claim 12, wherein the second parameter is configured to be used by the request unit for the key derivation function in a manner that is not influenced by the request unit.
14. The system on a chip as claimed in claim 12, wherein the request unit is a main processor unit.
15. The system on a chip as claimed in claim 14, wherein the main processor unit is a soft main processor unit in a programmable logic gate array.
16. The system on a chip as claimed in claim 12, wherein the second parameter is derived from the chip identification tag, the serial number, or the identifier produced by the challenge-response inquiry of the physical unclonable function.
17. The system on a chip as claimed in claim 12, wherein the key derivation function is a hash function, a key hash function, or a cryptographic checksum calculation.
18. The system on a chip as claimed in claim 12, wherein the key derivation function is applied to the secret key and a concatenation of the first parameter with the second parameter, or the key derivation function is applied in a concatenated manner with a first application to the secret key and the second parameter and with a second application to the result of the first application and the first parameter.
19. The system on a chip as claimed in claim 12, wherein the derived key also is derived from a third parameter, wherein the third parameter is determined by the provision unit based on an update parameter provided by the request unit, and wherein the third parameter is configured to be updated.
20. The system on a chip as claimed in claim 19, wherein the update parameter is used in a restricted manner, wherein the manner restricted by a period of time or a frequency of use of the update parameter.
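The derivation described in claims 1 and 7 to 9, as an added example that is not part of the patent text: a software model of a provision unit offering both constructions of claim 7 and a use-limited update of the third parameter. Assumptions: HMAC-SHA256 as the keyed hash, the class and method names, the way the third parameter is folded in, and all sample values are hypothetical.

```python
import hashlib
import hmac

def kdf(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 as the keyed hash (assumption; the claims name no algorithm).
    return hmac.new(key, data, hashlib.sha256).digest()

class ProvisionUnit:
    """Hypothetical model of the provision unit: only derived keys leave it."""

    def __init__(self, secret_key: bytes, chip_id: bytes, max_updates: int = 1):
        self._secret_key = secret_key                    # never returned
        self._second = hashlib.sha256(chip_id).digest()  # second parameter
        self._third = bytes(32)                          # third parameter
        self._updates_left = max_updates                 # frequency-of-use limit

    def update(self, update_param: bytes) -> bool:
        # Claims 8-9: the requester may advance the third parameter, but only
        # a limited number of times; it never sets the value directly.
        if self._updates_left <= 0:
            return False
        self._updates_left -= 1
        self._third = kdf(self._third, update_param)
        return True

    def derive_concat(self, first: bytes) -> bytes:
        # Claim 7, first form: KDF(secret, first || second), third appended.
        # second and third are fixed 32-byte values, so the split is unambiguous.
        return kdf(self._secret_key, first + self._second + self._third)

    def derive_chained(self, first: bytes) -> bytes:
        # Claim 7, second form: KDF(KDF(secret, second), first).
        device_key = kdf(self._secret_key, self._second + self._third)
        return kdf(device_key, first)

if __name__ == "__main__":
    # Constructed sample values: same secret and label on two different chips.
    secret = bytes(range(32))
    for chip in (b"CHIP-0001", b"CHIP-0002"):
        unit = ProvisionUnit(secret, chip)
        print(chip.decode(), unit.derive_chained(b"firmware-update").hex())
```

Because the requester controls only the first parameter, identical requests on two chips yield unrelated keys, so a key obtained on one device cannot be reproduced by issuing the same request on another.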
Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use · CPC title
involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics · CPC title
using a plurality of keys or algorithms · CPC title
Key scheduling, i.e. generating round keys or sub-keys for block encryption · CPC title
Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system (cryptographic typewriters G09C3/00) · CPC title